The purpose of Killtest new NSE7 exam guide is to provide you with information about the NSE7 Enterprise Firewall - FortiOS 5.4 Exam and ensure that you can pass NSE7 Fortinet exam in the first try. To get familiar with real exam environment, we suggest you try Killtest free NSE7 exam demo questions. 2019 New NSE7 Exam Guide V10.02 is the free file which contains NSE7 demo questions. Before getting the whole version of new NSE7 exam questions, just read the free file first.
The safer , easier way to help you pass any IT exams.
1 / 17
Exam : NSE7
Title :
Version : V10.02
NSE7 Enterprise Firewall -
FortiOS 5.4
The safer , easier way to help you pass any IT exams.
2 / 17
1.Examine the IPsec configuration shown in the exhibit; then answer the question below.
An administrator wants to monitor the VPN by enabling the IKE real time debug using these commands:
- diagnose vpn ike log-filter src-addr4 10.0.10.1
- diagnose debug application ike -1
- diagnose debug enable
The VPN is currently up, there is no traffic crossing the tunnel and DPD packets are being interchanged
between both IPsec gateways.
However, the IKE real time debug does NOT show any output.
Why isn’t there any output?
A. The IKE real time shows the phases 1 and 2 negotiations only. It does not show any more output once
the tunnel is up.
B. The log-filter setting is set incorrectly. The VPN’s traffic does not match this filter.
C. The IKE real time debug shows the phase 1 negotiation only. For information after that, the
administrator must use the IPsec real time debug instead: diagnose debug application ipsec -1.
D. The IKE real time debug shows error messages only. If it does not provide any output, it indicates that
the tunnel is operating normally.
Answer: A
The safer , easier way to help you pass any IT exams.
3 / 17
2.Which of the following statements are true regarding the SIP session helper and the SIP application
layer gateway (ALG)? (Choose three.)
A. SIP session helper runs in the kernel; SIP ALG runs as a user space process.
B. SIP ALG supports SIP HA failover; SIP helper does not.
C. SIP ALG supports SIP over IPv6; SIP helper does not.
D. SIP ALG can create expected sessions for media traffic; SIP helper does not.
E. SIP helper supports SIP over TCP and UDP; SIP ALG supports only SIP over UDP.
Answer: B,C,D
3.A FortiGate device has the following LDAP configuration:
The administrator executed the ‘dsquery’ co